Bug#20894 Reproducible MySQL client segmentation fault

- Add two null bytes in "buff" variable allowing us to call get_arg two times also for strings longer than sizeof(buff) client/mysql.cc: Make sure there are _two_ zero bytes at the end of buff, to allow 'get_arg' to be called twice on long strings. The first time it will mark end of string with a zero and the second time it will "skip ahead" to the first zero, and the find the second one indicating end of buff. mysql-test/r/mysql.result: Update test results mysql-test/t/mysql.test: Add tests for "com_connect" function in mysql Add test reported in bug
2025-08-01 03:47:19 +03:00 · 2006-10-26 19:51:29 +02:00
parent 060f4196af
commit 08d43705a6
3 changed files with 75 additions and 1 deletions
--- a/client/mysql.cc
+++ b/client/mysql.cc
@ -2934,7 +2934,11 @@ com_connect(String *buffer, char *line)
  bzero(buff, sizeof(buff));
  if (buffer)
  {
-    strmake(buff, line, sizeof(buff) - 1);
+    /*
+      Two null bytes are needed in the end of buff to allow
+      get_arg to find end of string the second time it's called.
+    */
+    strmake(buff, line, sizeof(buff)-2);
    tmp= get_arg(buff, 0);
    if (tmp && *tmp)
    {